[Test] Linux traffic monitoring tool-iftop|Check a certain ip traffic|tcpdump|iptraf

Table of Contents

18 common tools for traffic monitoring

tcpdump view a certain port data

iftop

Fourth, run iftop

Fifth, related parameters and description

1. Iftop interface related instructions

2. Iftop related parameters

Commonly used parameters

Show traffic by port

Some operation commands after entering the iftop screen (note the case)

linux view a certain ip traffic

Network card traffic monitoring

Use iptraf to view the bandwidth and traffic of a specific port of TCP/UDP



18 common tools for traffic monitoring

nload, iftop, iptraf-ng, nethogs, vnstat, nagios, and using Ntop to monitor network traffic

https://www.cnblogs.com/timssd/p/7209069.html

 

tcpdump view a certain port data

tcpdump -i eth0 -nn -A port 10021
tcpdump src 10.20.80.1 and port 10021

tcpdump -i eth1 -nnn udp port 21001

-i specifies the network interface
-nn / -nnn turn off name resolution, so addresses and port numbers are printed numerically
udp specifies the communication protocol
port specifies the port number
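To check how much traffic a particular IP sends on a port, the text output of the tcpdump commands above can be summed per source address. This is an added example, not part of the original post: the function names and the sample capture lines are constructed, and it assumes IPv4 lines in the format printed by tcpdump -nn.

```bash
#!/usr/bin/env bash
# Added example: per-source payload totals for one port from `tcpdump -nn` text.
# Function names and sample lines are constructed; IPv4 output only.

# Reads tcpdump -nn lines on stdin, keeps packets whose source or destination
# port is $1, and prints "<payload-bytes> <src-ip>", largest first.
bytes_by_src() {
    awk -v port="$1" '
    $2 == "IP" && $4 == ">" {
        src = $3; dst = $5
        sub(/:$/, "", dst)                    # "10.20.80.5.10021:" -> no colon
        sport = src; sub(/.*\./, "", sport)   # text after the last dot = port
        dport = dst; sub(/.*\./, "", dport)
        if (sport != port && dport != port) next
        sub(/\.[0-9]+$/, "", src)             # strip the port, keep the address
        len = 0
        for (i = 6; i < NF; i++)              # "length N" follows the flags
            if ($i == "length") len = $(i + 1) + 0
        total[src] += len
    }
    END { for (ip in total) print total[ip], ip }' | sort -rn
}

# Payload bytes sent by one address ($1) on one port ($2); prints 0 if unseen.
bytes_for_ip() {
    bytes_by_src "$2" |
        awk -v ip="$1" '$2 == ip { n = $1 } END { print n + 0 }'
}

# Constructed sample in the format of `tcpdump -i eth0 -nn port 10021`.
sample_capture() {
    cat <<'EOF'
12:00:00.000001 IP 10.20.80.1.51514 > 10.20.80.5.10021: Flags [P.], seq 1:121, ack 1, win 229, length 120
12:00:00.000350 IP 10.20.80.5.10021 > 10.20.80.1.51514: Flags [.], ack 121, win 227, length 0
12:00:00.104200 IP 10.20.80.7.40222 > 10.20.80.5.10021: Flags [P.], seq 1:41, ack 1, win 229, length 40
12:00:00.200100 IP 10.20.80.1.51514 > 10.20.80.5.10021: Flags [P.], seq 121:401, ack 1, win 229, length 280
12:00:00.300000 IP 10.20.80.5.10021 > 10.20.80.1.51514: Flags [P.], seq 1:1449, ack 401, win 227, length 1448
12:00:00.400000 IP 10.20.80.9.53000 > 10.20.80.5.22: Flags [P.], seq 1:65, ack 1, win 229, length 64
EOF
}

# Live use (root needed): tcpdump -i eth0 -nn -l port 10021 | bytes_by_src 10021
sample_capture | bytes_by_src 10021
```

The totals count the TCP/UDP payload length that tcpdump reports, not the header bytes, so they will be somewhat lower than the on-wire rates shown by iftop.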

Common parameters of tcpdump: https://www.cnblogs.com/gaoyuechen/p/8249590.html

https://www.jianshu.com/p/e3292f4dcc99

iftop

Original: http://www.vpser.net/manage/iftop.html

Fourth, run iftop

Run directly: iftop

The effect is as follows:

Fifth, related parameters and description

1. Iftop interface related instructions

The top of the interface shows a scale, which serves as a ruler for the long bars of the traffic graph.

The two arrows in the middle, <= and =>, indicate the direction of the traffic.

TX: Sent traffic
RX: Received traffic
TOTAL: Total traffic
cum: Total traffic from the time iftop was started until now
peak: Peak traffic
rates: The average traffic over the past 2s, 10s and 40s respectively

2. Iftop related parameters

Commonly used parameters

-i sets the network interface to monitor, for example: # iftop -i eth1

-B displays traffic in bytes (the default is bits), for example: # iftop -B

-n shows hosts as IP addresses instead of resolving host names, for example: # iftop -n

-N shows ports as port numbers instead of service names, for example: # iftop -N

-F displays the traffic in and out of a specific network segment, for example: # iftop -F 10.10.1.0/24 or # iftop -F 10.10.1.0/255.255.255.0

-h displays the help message with parameter information

-p runs in promiscuous mode: with this parameter, the local host column of the list in the middle also shows IP addresses other than the local machine's;

-b turns off the traffic bar graph, which is displayed by default;

-f sets the filter code that selects which packets are counted; not very useful for the time being;

-P shows port information as well as host information by default;

-m sets the maximum value of the scale at the top of the interface; the scale is displayed in five large segments, for example: # iftop -m 100M

Show traffic by port

After iftop starts, first press lowercase t and then p: t merges the sent and received data of each connection into one line, and p displays the port numbers of both sides.

To switch how the host names and port service names on the left are resolved, press n and N (lowercase and uppercase).

To hide the IP and port number in the middle, so that the entries are merged by the port number on the left, press d and D (lowercase and uppercase).

It may not be perfect, but sometimes it does the job.

https://blog.csdn.net/DianWen119/article/details/113354551

 

Some operation commands after entering the iftop screen (note the case)

Press h to switch whether to display help;

Press n to switch to display the IP or host name of the machine;

Press s to switch whether to display the host information of the machine;

Press d to switch whether to display the host information of the remote target host;

Press t to switch the display format to 2 lines/1 line/only display sending flow/only display receiving flow;

Press N to switch to display port number or port service name;

Press S to switch whether to display the port information of the machine;

Press D to switch whether to display the port information of the remote target host;

Press p to switch whether to display port information;

Press P to switch the pause/continue display;

Press b to switch whether to display the average flow graph bar;

Press B to switch to calculate the average flow rate in 2 seconds or 10 seconds or 40 seconds;

Press T to switch whether to display the total flow of each connection;

Press l to open the screen filter; enter the text to filter on, such as an IP address, and press Enter, and the screen will display only the traffic related to that IP;

Press L to switch the scale at the top of the screen; with a different scale, the traffic graph bars change;

Press j or k to scroll up or down the connection records displayed on the screen;

Press 1 or 2 or 3 to sort according to the three columns of flow data shown on the right;

Press < to sort by the local host name or IP on the left;

Press > to sort by the host name or IP of the remote target host;

Press o to switch whether the display is frozen so that only the current connections are shown;

Press f to edit the filter code. This is a translated version. I haven't used this yet!

Press ! to use a shell command. This one has never been used! I didn't understand what commands are easy to use here!

Press q to exit monitoring.

 

linux view a certain ip traffic

https://blog.51cto.com/kaifly/1840121

Network card traffic monitoring

https://blog.51cto.com/kaifly/1783530

 

Use iptraf to view the bandwidth and traffic of a specific port of TCP/UDP

http://www.ha97.com/4806.html

 

1. Open iptraf or iptraf-ng in a terminal (install it first if it is not installed; it is available in the official repositories), select Configure > Additional ports, then enter the port range (to view port 22, enter 22 to 22), and then exit iptraf.

2. Reopen iptraf and select Statistical breakdowns > By TCP/UDP port > eth0 to view the bandwidth usage and traffic of the specified port on the eth0 network card.

 

Origin blog.csdn.net/bandaoyu/article/details/114172326